How are Open Banking Key Ids (kid) Generated?

Something that I've spent a while Googling over the last couple of years of working on PSD2 is "How are Open Banking Key Ids (kid) Generated?"

I say this because it's not super clear how they're generated, and searching Open Banking's documentation hasn't been super easy.

In the spirit of Blogumentation, I want to leave the world a better place and make it easier for others to Google for the answer themselves.

As of writing, we are using v2 of the Open Banking Directory, which is documented on Open Banking's Confluence space. We see that there is a JWK Structure section, which notes that the kid is The SHA-1 hash of the JWK Fingerprint.

This JWK fingerprint is defined in RFC7638: JSON Web Key (JWK) Thumbprint, and as it is a well-defined standard, you should be able to find library support for it, such as Nimbus for Java, using node-jose on Node projects or json-jwt with Ruby.

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #open-banking #psd2.

This post was filed under articles.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.